feat: move drom pii-repo to repo-local piis

Leon Schwarzäugl 2025-06-11 21:37:26 +02:00
parent 85cbd5e1f6
commit f414735247
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
21 changed files with 692 additions and 554 deletions


@ -21,6 +21,28 @@ creation_rules:
- *toto
- *surface
- *nbl
- path_regex: hosts/nixos/nbl-imba-2/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- path_regex: hosts/nixos/winters/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *winters
- path_regex: hosts/nixos/sync/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *sync
- path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
- path_regex: secrets/repo/[^/]+$
key_groups:
- pgp:
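Review bot: The four new `path_regex` values for the per-host `pii.nix.enc` files are unanchored and leave their dots unescaped, unlike the existing `secrets/repo/[^/]+$` rule directly below them, so each pattern also matches longer or look-alike paths that merely contain that text. Because sops uses the first creation rule that matches, I would pin them down, e.g. `- path_regex: hosts/nixos/winters/secrets/pii\.nix\.enc$`, and likewise for nbl-imba-2, sync and nbm-imba-166. The darwin rule lists only the `*swarsel` PGP key and no age recipient, while the three NixOS rules add a host key; if that is deliberate, a short comment on that rule saying why the host has no age recipient would save the next reader from guessing.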


@ -809,9 +809,8 @@ My work machine. Built for more security, this is the gold standard of my config
:CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d
:END:
#+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix
{ self, inputs, lib, primaryUser, ... }:
{ self, config, inputs, lib, primaryUser, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
sharedOptions = {
isBtrfs = true;
isLinux = true;
@ -834,7 +833,7 @@ My work machine. Built for more security, this is the gold standard of my config
];
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate
{
firewall = lib.mkForce true;
@ -844,8 +843,8 @@ My work machine. Built for more security, this is the gold standard of my config
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
inherit (config.repo.secrets.local) hostName;
inherit (config.repo.secrets.local) fqdn;
hibernation.offset = 533760;
profiles = {
amdcpu = true;
@ -1062,7 +1061,7 @@ This is my main server that I run at home. It handles most tasks that require bi
:CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124
:END:
#+begin_src nix :tangle hosts/nixos/winters/default.nix
{ lib, primaryUser, ... }:
{ lib, config, primaryUser, ... }:
let
sharedOptions = {
isBtrfs = false;
@ -1084,14 +1083,15 @@ This is my main server that I run at home. It handles most tasks that require bi
};
networking = {
inherit (config.repo.secrets.local) hostId;
hostName = "winters";
hostId = "b7778a4a";
firewall.enable = true;
enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 ];
};
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate
{
isImpermanence = false;
@ -1170,10 +1170,9 @@ This is my main server that I run at home. It handles most tasks that require bi
A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations.
#+begin_src nix :tangle hosts/darwin/nbm-imba-166/default.nix
{ lib, inputs, ... }:
{ lib, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
inherit (config.repo.secrets.local) workUser;
in
{
@ -1276,18 +1275,14 @@ This machine mainly acts as an external sync helper. It manages the following th
All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways.
#+begin_src nix :tangle hosts/nixos/sync/default.nix
{ lib, primaryUser, inputs, ... }:
{ lib, primaryUser, ... }:
let
sharedOptions = {
isBtrfs = false;
isLinux = true;
};
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
dev1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev1";
dev2 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev2";
dev3 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev3";
loc1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/loc1";
inherit (config.repo.secrets.common) workHostName;
inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
in
{
imports = [
@ -7159,10 +7154,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
:END:
#+begin_src nix :tangle modules/nixos/server/navidrome.nix
{ pkgs, lib, inputs, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
in
{ pkgs, config, lib, ... }:
{
options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server";
config = lib.mkIf config.swarselsystems.modules.server.navidrome {
@ -7221,10 +7213,12 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
};
# Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
LastFM = {
inherit (config.repo.secrets.local.LastFM) ApiKey Secret;
};
Spotify = {
inherit (config.repo.secrets.local.Spotify) ID Secret;
};
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
@ -8115,10 +8109,9 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
:END:
#+begin_src nix :tangle modules/nixos/server/syncthing.nix
{ lib, config, inputs, ... }:
{ lib, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
inherit (config.repo.secrets.common) workHostName;
in
{
options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server";
@ -8240,10 +8233,9 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
This manages backups for my pictures and obsidian files.
#+begin_src nix :tangle modules/nixos/server/restic.nix
{ lib, pkgs, config, inputs, ... }:
{ lib, pkgs, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
resticRepo = lib.swarselsystems.getSecret "${secretsDirectory}/restic/wintersRepo";
inherit (config.repo.secrets.local) resticRepo;
in
{
options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server";
@ -10807,15 +10799,10 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe
Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section.
#+begin_src nix :tangle modules/home/common/env.nix
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
inherit (nixosConfig.repo.secrets.common) fullName;
in
{
options.swarselsystems.modules.env = lib.mkEnableOption "env settings";
@ -10827,10 +10814,10 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
SWARSEL_HI_RES = config.swarselsystems.highResolution;
};
systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_MAIL1 = address1;
SWARSEL_MAIL2 = address2;
SWARSEL_MAIL3 = address3;
SWARSEL_MAIL4 = address4;
SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses;
};
@ -10984,11 +10971,10 @@ Eza provides me with a better =ls= command and some other useful aliases.
Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]].
#+begin_src nix :tangle modules/home/common/git.nix
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
inherit (nixosConfig.repo.secrets.common.mail) address1;
inherit (nixosConfig.repo.secrets.common) fullName;
in
{
options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
@ -11012,7 +10998,7 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
key = "0x76FD3810215AE097";
signByDefault = true;
};
userEmail = lib.mkDefault leonMail;
userEmail = lib.mkDefault address1;
userName = fullName;
difftastic.enable = true;
lfs.enable = true;
@ -11516,14 +11502,10 @@ Currently I only use it as before with =initExtra= though.
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
#+begin_src nix :tangle modules/home/common/mail.nix
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 add2Name address3 add3Name address4;
inherit (nixosConfig.repo.secrets.common) fullName;
in
{
options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
@ -11552,8 +11534,8 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
accounts = {
leon = {
primary = true;
address = leonMail;
userName = leonMail;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = {
@ -11584,7 +11566,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
};
swarsel = {
address = swarselMail;
address = address4;
userName = "8227dc594dd515ce232eda1471cb9a19";
realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
@ -11607,9 +11589,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
nautilus = {
primary = false;
address = nautilusMail;
userName = nautilusMail;
realName = "Nautilus";
address = address2;
userName = address2;
realName = add2Name;
passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
@ -11634,9 +11616,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
mrswarsel = {
primary = false;
address = mrswarselMail;
userName = mrswarselMail;
realName = "Swarsel";
address = address3;
userName = address3;
realName = add3Name;
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
@ -12974,9 +12956,9 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
#+begin_src nix :tangle modules/home/common/gammastep.nix
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
inherit (nixosConfig.repo.secrets.common.location) latitude longitude;
in
{
options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
@ -12984,8 +12966,7 @@ This service changes the screen hue at night. I am not sure if that really does
services.gammastep = {
enable = true;
provider = "manual";
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
inherit longitude latitude;
};
};
}
@ -13131,13 +13112,10 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming
The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands.
#+begin_src nix :tangle modules/home/optional/work.nix :noweb yes
{ self, config, pkgs, lib, nix-secrets, ... }:
{ self, config, pkgs, lib, nixosConfig, ... }:
let
inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail;
in
{
options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
@ -13176,20 +13154,20 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
};
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
"${user1}"
"${user2}"
"${user3}"
"work"
];
programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
git.userEmail = lib.mkForce gitMail;
zsh = {
shellAliases = {
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
dssh = "ssh -l ${user1Long}";
cssh = "ssh -l ${user2Long}";
wssh = "ssh -l ${user3Long}";
};
cdpath = [
"~/Documents/Work"
@ -13199,42 +13177,42 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles";
ac = path1;
};
};
ssh = {
matchBlocks = {
"uc" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
user = "stack";
"${loc1}" = {
hostname = "${loc1}.${domain2}";
user = user4;
};
"uc.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
"${loc1}.stg" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"uc.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
"${loc1}.staging" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"uc.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack";
"${loc1}.dev" = {
hostname = "${loc1}.${lifecycle2}.${domain2}";
user = user4;
};
"cbe" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser;
"${loc2}" = {
hostname = "${loc2}.${domain1}";
user = user1Long;
};
"cbe.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
"${loc2}.stg" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"cbe.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
"${loc2}.staging" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"*.vbc.ac.at" = {
user = dcUser;
"*.${domain1}" = {
user = user1Long;
};
};
};
@ -13245,25 +13223,25 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
isDefault = false;
in
{
dc = lib.recursiveUpdate
"${user1}" = lib.recursiveUpdate
{
inherit isDefault;
id = 1;
settings = {
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at";
"browser.startup.homepage" = "${site1}|${site2}";
};
}
config.swarselsystems.firefox;
cl = lib.recursiveUpdate
"${user2}" = lib.recursiveUpdate
{
inherit isDefault;
id = 2;
settings = {
"browser.startup.homepage" = "https://portal.azure.com";
"browser.startup.homepage" = "${site3}";
};
}
config.swarselsystems.firefox;
ws = lib.recursiveUpdate
"${user3}" = lib.recursiveUpdate
{
inherit isDefault;
id = 3;
@ -13274,7 +13252,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
inherit isDefault;
id = 4;
settings = {
"browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com";
"browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
};
}
config.swarselsystems.firefox;
@ -13437,27 +13415,28 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
exec = "firefox -p work";
inherit terminal categories icon;
};
firefox_dc = {
name = "Firefox (dc)";
genericName = "Firefox dc";
exec = "firefox -p dc";
"firefox_${user1}" = {
name = "Firefox (${user1})";
genericName = "Firefox ${user1}";
exec = "firefox -p ${user4}";
inherit terminal categories icon;
};
firefox_ws = {
name = "Firefox (ws)";
genericName = "Firefox ws";
exec = "firefox -p ws";
"firefox_${user2}" = {
name = "Firefox (${user2})";
genericName = "Firefox ${user2}";
exec = "firefox -p ${user2}";
inherit terminal categories icon;
};
firefox_cl = {
name = "Firefox (cl)";
genericName = "Firefox cl";
exec = "firefox -p cl";
"firefox_${user3}" = {
name = "Firefox (${user3})";
genericName = "Firefox ${user3}";
exec = "firefox -p ${user3}";
inherit terminal categories icon;
};
};
};
swarselsystems = {
@ -16506,7 +16485,7 @@ The hook functions are defined here: [[#h:34506761-06b9-43b5-a818-506d9b3faf28][
(:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a)))
(setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
(setq user-mail-address (getenv "SWARSEL_MAIL4")
user-full-name (getenv "SWARSEL_FULLNAME"))
;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))
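Review bot: `config` is read but never bound in two of the rewritten host blocks. Taking the second line of each printed pair as the new side (the `+`/`-` markers are lost on this page), the nbm-imba-166 block keeps `{ lib, ... }:` and the sync block `{ lib, primaryUser, ... }:`, yet both `let` sections now use `inherit (config.repo.secrets...)`, which should fail evaluation with an undefined variable. The heads should become `{ lib, config, ... }:` and `{ lib, config, primaryUser, ... }:`, as was done for nbl-imba-2 and winters; the same lines recur in the tangled hosts/darwin/nbm-imba-166/default.nix and hosts/nixos/sync/default.nix sections further down. Separately, in the work.nix desktop entries `"firefox_${user1}"` runs `firefox -p ${user4}` although the profile is declared as `"${user1}"` and `user4` is otherwise the SSH user, which looks like a slip for `exec = "firefox -p ${user1}";`.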


@ -1,7 +1,6 @@
{ lib, inputs, ... }:
{ lib, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
inherit (config.repo.secrets.local) workUser;
in
{


@ -0,0 +1,16 @@
{
"data": "ENC[AES256_GCM,data:6u0RRfaZaNk5KwnMoWY4dUC7xn132a7yKDZnStUSRS+Ci7XHMak=,iv:VQ2cYcdOS+S31d1yQioj95CTVmuvBVkgojIs6ib9iOM=,tag:QtC54hIryboeaOnDf1u2yw==,type:str]",
"sops": {
"lastmodified": "2025-06-11T13:04:16Z",
"mac": "ENC[AES256_GCM,data:sOzsL5QIET0hGTR3UwcKx7G8RAlOoLZaDlqsn9Yqw2+0yHPmNFs1N1BST3NNaNe+P9j2XruGgBNGCCm9igq8j37W46hf6uAy69Rx1Kzvrxih2Qu3P0Bb1ozyymQxeXDtKdvC0pxOFsgEk05l9VG0JM2Calxq/pK/EoGPfRQS1Zg=,iv:l0M0BrEQSixlU4I2UrB5g0FaKL32/VrCyJcm3MXujRs=,tag:hiNfmFMpHtoghOEv5JmVKw==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T13:03:51Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cqwpzR+VevsftDMoj79xiFvayPxluot/mZKQAMPNpMIG\nKDNMYYnIKa1z5TBeDVuivslEytIqB8zEmiZ0Sa6oMJ3T1t72cQbKjARKyKxneGAz\nYqVEM/zHq6W4E0NwE74F4ZAhGA8abFu6nKxQwITwyw28TiOzkNHG0W49ZRLXAHRm\nRBih8p6B05Q1EPK3I3Gz4KUklqNptrbjtRvTzcLcVEkfbOhKz2OOck1a/kqjmKrb\n7/9ORD00wfcXnUykIzN7noe5WixEuDdaE1T2f7kgB1749OVPNW4ZhWsm6yGsRJbJ\nh3n4xUhTrwRZ+9MtWqOdoJ8Z2I8ylUmXiHJYfOj/U/BG7H4y/EMXQ8RR4sMZjlcm\nqhuzor4Ku8Og72RHhY7SnSCCSH10uHVqlfapVH7iLkwywg3pKWdqqEv7wU7A83tR\noDa7+zD4wZYS4p6TEvvv9jyUE9r5A0r5evqHSHzM6Cgkp42FDWkTb30NeBvX2RJC\nyBeQEPqiaAIM+dUdxvM+cFzYBMVdfMtgQHwr3Wkw+Bb2+Pt/JDxcSDBtJbxl+GGp\n+tWn6etfSe4Nr0Z0abgUcKq+niaM8rD4W0DhLNDLhXE2KRTbQV0YgBqlXZf+uY8A\nHagbCeGGT0k67PJs++hlDEeVhB980eMzHdLsv0w+Ie6bttgY81gOvsrr23RQN42F\nAgwDC9FRLmchgYQBD/46neLbZcA0IIPUyeOjwiS2p1O1sR/i9UaSALa+4lw/pdCu\n7iPWwGMDNkh6I+5A3++3lC3MME7A846MFGq9iFpH/+TyTZrqnwcwGY92CE60T1Q6\nouA+g7C/CIX1r04IiAVxi9tBjUmB+dFApdFCC5Mg6Yx+3zh6Z49zvMoO5yGqLLhE\nhqAgxJB0lB07nepgB0spJAaKBs7GyYEss3Cm5WpsitLitPRMEUKLcdvYUw6G09Kc\ndmJb9LbZy4Mn7YziIb+czWZ/hW6B7BUSUZMhQJwMcRFBT6+6aTpO6zWM7URbPQaO\nieN+2ShM5OotiUiO3nfRquBw5mUFDOR1ZVxF/rBtiZe2Jt0URE7pKfcuFQREKp01\nVgI+JUrEl0t8e5J3SSAoXColf+Oq4xDY+CNUJOAtuJ/LrNc0+Q0KwZwShHzGOl5M\neqUgkS+IMYrfJjuJZjTzQTJJ6PeC2VpEGO7czgCn9/5FftsrH2wSSLL4FGX4tXfU\nhrbtt4gMN0had0QkZkuhxlIwYcATjUQ7CGQfrhINC+EpEju/NlE6zuuIa+05eigR\n3kEemBa5Ely4onQeMh81nOAyhkhj6QcbE7qn+ueUMAb70u5B115ULLQUrivLu2jI\nSK6o1WAeZKZIcf0/6iB+mMc7qbG36nelK2JYK8e0KiVSIUGehpYwV3ELwuhzEtJc\nAYobc//aa6GU3pCFzp90TA9kAZXhqgaw9wkzicueAhgCfr8s0FxG5WxWQxfJBLYF\nVSPqrqJ0EBU1EF9G2nz0ynJL1iWiN5VcN7JTXYXTK8TPJUe0ZU1boS4AhOY=\n=AG4y\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@ -1,6 +1,5 @@
{ self, inputs, lib, primaryUser, ... }:
{ self, config, inputs, lib, primaryUser, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
sharedOptions = {
isBtrfs = true;
isLinux = true;
@ -23,7 +22,7 @@ in
];
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate
{
firewall = lib.mkForce true;
@ -33,8 +32,8 @@ in
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
inherit (config.repo.secrets.local) hostName;
inherit (config.repo.secrets.local) fqdn;
hibernation.offset = 533760;
profiles = {
amdcpu = true;


@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:7NtG3UFeZ4Ao/g/kfJzSfdwpiOxOT2c3N1NRsFAx2wRLnRHpsT3bgFtkQxiw8hz0GOmZXHktFvoTt6xHv7wjBk8rIil1fUJoWdqGymQWMzjb3crFDWQOkUGJxVl9ARxTQew630ITtezThuGzuOBewBuJ7ha/SAoGLqPwLuitBIuK9nC6szAIN0wdqM+S1KSNyj6yQitUNpL00/cV4PwKE6+slzjO24OEk6Ut5CO5zdS03Kv6vpXHGY2a+13xmkeusuMrfdZPkGt707FDZx5qBOZka8IEThSawZxwqVjgPfUFNwqc7l+OSMkAjgzqZ+XNsQaDGWfrZrHTkIVSGW8C40Zhvz4q2v2BtRREbWCY/mLJVf5ZP0duD95gYk+MA/4pkriPQY1SmF3ci89i3+pWWhJ4QN9fG5eEA6mvDmVquYXa3q5D2MBOnrZw5hPxM5kgwZiC1Km0aCs8yjS2PPxqZZxgjo39to4GjuLnnu+iDy/8T0IQ7vcI1f9cPQpKTUtNHiBf5SJFsDdDgzCuKR3UTBA5Nq9mvUhcSSIvzG03z0QLVHUISdKyLVWFQcmTCsrRbxfsjryPZ2MQF0sda+6/XWDzW3cdXRCUw+H3ac8XHii0xsgD08l1cBXPtDFa/TebiCsbms9tdJoAuTU7n58d0CT9LDqnutCHOUl/38eSNbg1ZpQh1TVvlW+rV9QIxYjPJulOG/USaR17mR3AZ5pwuFLr9YWOipLmSj3ivHxmnpoeQNoHNbcs2lJX40oNmxnB3wHoaicHibNkX/nMkRjYJYz1h+ocZ3sA3HQvzm21JxvDttHucO2y3LL4jq/R5KawrmD6PRl9l0faR2Z+J0m0HAVHCAAfznbQmwCipgVHuXQX0wrKVjwAngXVdYJWWNx154tdp/tDvT/rLSEBgFdVkwJHL5YXu1Vo/nw0bCQWqkoappEpTSDxcEv1MIsF83wwEo3kKrzvwA90X8m34DU2A1NMfvhE3ZJ0wBxGAG3s1BQNfRiHQNnzwqyn7MEbp9+5xHd6FJ6tiC8TByEWZt5MKXTklHf447UTq2yR7ZX+FnKdOjzgCbpH32GddSVaDbNxt91eBg/XOK5lrJTpGqVhl+E7MfLoOuRW,iv:5zbIXCwGyPZZTLscwd9VaCoEriZtaZwsxoGh2Qv4c6g=,tag:Tf7gxYE0aZCrD486M2SMzQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVXVBVndUU2tDdnlWd3Bu\ndi9DMzFseEtGUVFEWnVEMndWTk9GSGl2SFFjCk9QbnpYS2dYVElJQ28yWGw4Umd0\nS1k0Wk9Yc2hrUUc3dkpGb05EYkFHdVEKLS0tIDYvMUh3NEtlY3FWYVdJbTFRaXlW\neU80R1B0aHprSlI5NkJzRldOSFNMTmcKD4DCuREVbI/Qy3sEyEEWtjW/KbIPuN76\nqoteCCN4mGIR7241e5NwMRlFqxgHyod5mpJfwnUbkYBZZZ/u9PDGmw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T13:48:16Z",
"mac": "ENC[AES256_GCM,data:6WiY/gpT7V+xQCuotG41Mh+dTSjYT/sg/14Gt7Z7PsrG+WRR33N1OhBV3EVdXeeE8NXkvvoZL/wypgQTWk7wfWpzwhWH478OXc3yaVx7G/nTsDhX/XjKvajpKnXLdn/s2xt9vhPmYuJidR7JYoHN4iv1Lv1eC1mAYKpW4i+sNJk=,iv:ThUxocoeMC1GAfSSeDF9P+m4BZpNuiyWiBrwDPhvNe0=,tag:AxvMKzkG1HBdUqPbbz4Qqg==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T09:18:35Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAzg39i9TFW/qilR+HdUpNlgp3KXnW0kwYk7CI8Ie7RJOz\nAop/ak/nokwooxlLGJOiNsFS1//5PxiwOyxZzPmGvTTH8o8tUNZQSULhDnBKHUWG\n44KkerCk2CjbgOrcL7SzaZsFufGRJRcW1700EGatl8D3U1o94isYbArzQqjVXu7Z\nC3VRE80zV25TO9FzxCWCPOj/ML+vo+gq/rgUNQi4JKKBf01Ti142nlJ8hcMX23cb\n2KZkT0VOTz0uouc1J5hXiYmBLVEfsrKUTcamUE1S/dAGuaMe41F8oHt9Rw0YxP+g\nj1PjVuk/F44CRnVVNo8ScihNmvX+ex6+2n1JWmSFkCHtx054bMHTBiVMf86gYiy6\nUqbhuQw52U4/p3U8h7gYjU8yBuHMnCxxL3u1362lz2fDIOxyKtvMH0NGhw8cp7/+\nZbJ6fAUezn8xCXyzhl88XVYNXvM4Vjq6D3qBjjlyDJe9wXXsoPSAUNuVqBDbfnm0\ngOCnT6yOPj1Zv39IvQR+k73ISwBJySpqGgIYvjRtH0JGkXt2exayvWCqeRArkSQ4\nBITQKHFmSrBxo4ndnsTYWC+5v9VBLSUFEXpwrRZY9L5Zqw9Gyqj6hThzTMJiyaiV\ngMzK1JbGaEOd0f8QDfJfwn6VmmhW67w775V98n2wSejWb4WfogDXKe8DbIqrxp6F\nAgwDC9FRLmchgYQBEACPCA/rrYva4WKx9RrDiVkqi0sUM+xHEC17a9FyVXH+grwK\nwB+7prQjx9P4z2/qqlASuBjBjE8MvG4SIgJ6lziLstqrWpNHDuPJoXCTwdYbiqME\nb2V2VPC+PmulvUNcWDVEv4PWIYnKmvlhC/pxsyGtSfxRWgNYGCCx4eTa2OfYgswd\nnHnS+qT+cC6RTjqyeftJxlII2ocMduNpqFr9pVnPlNq3C++6bw/g/Il/YhGFJmr2\nvOl2WPhExh5CSux+oKjXdzsim1Ltz8KOmkSXNCEdI0v/X6OPNfGhnsKLYxaQMJst\nYfu8PIiVHPOYao2kVMstOeH5d/9LLV8MChKLTUelkZWrl1US0yBoCambl77Ooxx3\n14pTXosVSlShSBTGvGjlQS9Jnp+s75TMr4YoBe9UuK22iwtyq69ZKgNiAv+j0LIA\nOWSazSkbwikPsfFLmBuUWJjb5nvM9TUocDdwQIUE2AmmsXNnhnzd8CMnTRE05Go3\n4IVJXKHlKuiW53ji0b2GjPyT/WR9cLIpXRkh/ruTMQ7unljRLY9Ln92spbipg9wW\n4LXxRQ1pJcSOfMuDspLo12fts+gWaxQnkaHxRFoXORDmUmv1la1fHqFCeJRuNKIl\n+u0a9J2ra5S3f1rN2jsHcX4qLe+uq9rH/hKjPmE3CdMv0m9uifP7DfQiTnJcCdJc\nAR4qlFAxNnJyV3zavOuY410oYQYR9s9lqDWI20k1Gkgf8K668hrIPr9FeTuSCuGf\nCqjQ15D9MmBihKbB2gaMuJ6hV6+cAW6QEqUABMu7jT8oFixTHh42F8PFyxc=\n=lm7F\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@ -1,15 +1,11 @@
{ lib, primaryUser, inputs, ... }:
{ lib, primaryUser, ... }:
let
sharedOptions = {
isBtrfs = false;
isLinux = true;
};
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
dev1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev1";
dev2 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev2";
dev3 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev3";
loc1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/loc1";
inherit (config.repo.secrets.common) workHostName;
inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
in
{
imports = [


@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:4mDIWJ+WBn4c3US7Gby15hCtYYS6gYR1asm3SafO6/qyPKrcfKN42d2iIZEIPEq5yVj6OKt7ccFjQI2q3p8Dpb+HNYzHeGRcwBXKPL5hbVziP7Ik8pAYib7klUSmMelqOkc0aS1kyRyQzpvQoA6T7vNqEdm8kBR4SRs=,iv:7ZTbZh7TnCnfZ33g88Bsk3TISfhxz3+4cB1KiFucCMM=,tag:QgPChPUmZiB4AhH2xXturA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZWxybEZUcjlIdmtOS3Az\nbGt2czliWHBlUWNsNDA0cTJLeXdFOXE1NHh3CllaWGh1ZEZINDhPMUdCZUQ3Ritj\ncTdpRFRHaFdBa3NPWk40WjVlaTlrQmMKLS0tIEZnYkc3Z2hzZXV1eGlsaktyckVT\nbTIrZ3BvZDNkRGpoZ2ZncVlwZysxMW8KU0vsVA9gG63M1ecqk918QHh7P+MSbKaM\nRv/HVAvCzNcMFwPUC7zF0jN0FpAl7eNGkniUMCzGyXHty4anSDyt1g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T13:01:41Z",
"mac": "ENC[AES256_GCM,data:urkp4cEP8fzSvroewVTbVfFK4O03qKnd+Ch3ASJAo1xu++y+fuFFyRcvrY57xU32H+mK2ipSkl2FkeTYB2fNDpXzTIyCWGQPZ4i3doqmFkV1UPjjov8Cc/LY7eRQYj84pF9sFRMdAwtaUL3Kd4Ab45mO1fy7KYAW57zuUeZks/o=,iv:efnEEPHFu2EtRSyob3ozjHz4L1YHJ0AqzLb566pg5ZQ=,tag:VnrO5QFhdQFe9/7aJ9C/qw==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T12:59:00Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAvlrXaui4wqN1kgpfcZMf53RsJYbZp6//miZzas2xKVW3\nyvtubrrYBrHGPEnUuoHexsN4xiQ0zayOn+eLrbv5+8/jhjL6cxtv894+iHYcgkD7\nDc9M4f57Lf7qF9lGTo1pgPKRf2GbHbHfDgUjz5XcIUD0WAz0PCkGQqutP5daw7wV\nMo+fKm6yOxb+e89rlOUY26/LSy+5WMIoQ03tcWu92UZeVRvtEL2LIDQJ3+gCEBrL\nPI0SU84tIl1At1TkKhJkcZ9axn0vOc+LzhcdZ3K5AkAlvnx6/+KdFiVj7xQNQyfN\nJJs3U1HKDca0R6efTRveEoi5nWew2FPGmRfOD34DorokM46Ol0l1c4gL+2LjvPUj\ntEG3slBFoKYbPuj6GSA2H3U2LcgVbPtZggr7VN7d4bLiqT/PkUa2jjAcsqyb+Twc\ng9nmCiWFvrGR76dpvSdx6oO6O/etMcWT9A4fYMPStXcnT32N4q+qrV/+nFZm4BLp\nWvDYkgVWmiAwYTcwuAHS12yH9ymEQMRanSNyzRqjax+GVN70B5nNU5sn8Ch0ex7Q\n6qJZq1j+i/OtNITvnnCdOxefntM4UZzyeyqvU+rZx40KepyVD2XFWkp+9abev0iL\nVbJK5PmNRRxqLaRWxJu2f/Jb86hy60XjCcsWGxuo67ZReRWOHIuyQB15tr3DdReF\nAgwDC9FRLmchgYQBD/49wGPgfs1G4Y0qcAoqZWbdpbcqCwYEzlRK1DJdjFTtE8LO\n+IpA03seoy7qCAp3v86qg7YwjydA+vCJUk7FRFbLiesKDxS1ZRwZSWHuM/v46rj4\nJoTqOPjuJDzed8dFdl4082PrQ0z+dXjsK/ua6d6eQRw6JEgpTLbv7f6Ru4RyM93h\n3wUodncoqcyZ/Wy7qLKCy10CTaD/RRpVrKt18J0L17Qbevmap6tqRZI11GWBnb+R\nqChAvuBQnhN19+MxgJ9AC20SqUht2pBvUXAhWf9vEGoygWR2kXuxyxK2XYu26zXa\nBb33xNAd2BZ/zr7fDnwjROkhRJ0YWk4GqaUCfo3zmT/OtHUzoyIvi0um7obOPzUk\n6RJw3q3siiUXavvTvgJMhCySwzHLtrPGYzCiHfkQc555yRqoz1XrdZOoQyba288y\niMFVzrIp+jlN+shNfsumGIgtogiYl3yI+Ecib7ozwIXDyOmBfsGUFLZkleGXWoH+\n/ZU3stAVFsSzOVkw656NWgsAEnqP1T7TGBMP1vibDPNZBp9aExA+1XLyVbr7sFJG\nWT9ypYorj7hF3UW1Ep/1fmcYovXICieKPR8sLVdWrPxRXArezfoqMAFhxdw6y87n\nQUrOTy8XOwsERmMOWhcU54NgdU21MDI3/sgh20KznNUU1iIOPQgfeobJ0rR/htJe\nAYaaMHhkJvSkiuXBKJIaz125xQrKvwLpB+OsuezPhT5Qn4MZUEoUa5Ft1GhiDqWM\nSB8o70nlAcw0CFvNlsYRZdVY5FACj81B1H6JH5eNUx6f2FVhcO61kc60LJvzug==\n=zX1v\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@ -1,4 +1,4 @@
{ lib, primaryUser, ... }:
{ lib, config, primaryUser, ... }:
let
sharedOptions = {
isBtrfs = false;
@ -20,14 +20,15 @@ in
};
networking = {
inherit (config.repo.secrets.local) hostId;
hostName = "winters";
hostId = "b7778a4a";
firewall.enable = true;
enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 ];
};
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate
{
isImpermanence = false;
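Review bot: Moving `hostId` into the encrypted per-host file only protects the value from this commit onward. The literal `hostId = "b7778a4a";` that the second hunk appears to drop (the `+`/`-` markers are lost here, so the side is inferred from the hunk counts) stays readable in the repository history, as do the work hostnames and URLs replaced in the work.nix hunk of the org file. If any of these are meant to be private, they have to be treated as already disclosed; otherwise a comment next to `inherit (config.repo.secrets.local) hostId;` such as `# value was public before f414735247; kept in pii.nix.enc for consistency, not secrecy` would record the intent.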


@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:fV+l+oFGo7zQFxQG+EYbLzUjkqClszi79/LpPvhJNl4IBXjSSMUo6E3vGnB/RRoAWwix9EurHDYV9jydd67uQ6Lx1Y31+0daflC/BNYsDYDNUKvDJDWvhbONs2Xg3RGDNacQ+EoHN7mCyHuaiNW7OXHBPhzs+rLlADdgtZ6CNR9bLV2HRpeR+d6uTne5ex8SJ4m3ChJe1O9Cyir4/z4eftfnKtAIezPrAxUPlm1QxnU7/z4YipWVw4HkYVzzWvi9Ewbis1j9C2TRkuOpEWU+I7zrIWiWdsWwnpKZqQv5FJEo3MZpVKcMMlNltvlJiUC+abC9K7079C+5XHhrZgJ73jAQ5fkcSspT5y6JfA+NveqYx7ZmOdS/yg90lrM4X8eE4SlqeN7gdW6nxPOzGZwMQQYeLjGdanKKQhUDQsf8iFW7egfCB+o=,iv:OO+Y91C90hLtZ0ZegEX00ukTUyBHnRqBRTff1LLX5/0=,tag:gZS0S9RrqWZlB5Nyjp6kfA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T12:16:31Z",
"mac": "ENC[AES256_GCM,data:cdN7ip4KbuZVXfbNv3lCacXj6VImR5XLQgDG8u9336MAqERKRdumjj+z9vHNozK+Q2AAAvRuqqCO23RllYlqYpiL++UUEkSe4FNPt0yRQWZFUjHwBeitW4Rlk2PKnoFLngrmBN7+1nrSaFV1aZCQWDybgvBqUv7paBVR0y5cN9E=,iv:FhZsbGT5Z4s2r+1LxSxBYrglr+KWqh+gKeXQF6gflNg=,tag:kkaPCxtx1JQuRPXkl9nA+A==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T11:42:23Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAnyYWn0oJCbksEr9jIZOTWwnFLVO5zZ1E7tuFahemk6RZ\ncxgYfM+w68PtZ+/2ixCecwrL6k3dVdlEq6eePifweWLFyexUjxxha/AKrCAjNkSa\n4gK/GYE/jPalcc8cfP6R/uXhWo/le+nB5XU92SZ0rtihD5yvHCYBdhOKq29F1hEk\nZCVIfkElwra72PO4pHMN0sBqca3iT4ryUrYZ/qwZa/7xKFBIGW2yaaAmgYDU1an8\nWeyk3h1JMshPtR++hpojKFuhnqSnUBOyOvM7BCwNyKsEGXfVdypFz7dF+lJejADb\nLeFH/XfLCgLIJ8npedBEUFfzo5VSTnbtX8VOEfzxgKaZZN7uK0aZQShBjUK+tc7D\nQRDUK0WUV+68Wk+4mzZsLfMWUP4sM8X4w8Z1mNmyyzntPHt9x8aZ/uCHdZnKs55c\nRKzcGEncI3qxen7JiI+tsKbIf+i1rPGTshy+T3YBg+HnuOl9J2sOin3UE1i88uxd\nOMwzDx5/X3VExxaoI3HP4k+cLHhrl6mbuzEuMDV2Penn+gCFuMiiIM+4WB7BZY6G\n9Tm5eX6muaIGxAK9IRA1uHwdLC28JnJQyrvgHE31axcFb+0MG2TkxlNOlOt0gQAp\n9+vN0meOJEfWB3bUjWSYvrboSOR7oNK7lZYob4YureWUAWfLg8KSsUyjNV4zlzGF\nAgwDC9FRLmchgYQBD/9NGOJqsqESVWL37cpkybyh9xKo45bHcGGSMOHQaqqcntyo\nqCmMS9y6uIBypmd/qKK8csLYAask4UQm8/8GDtUDn0IbE7p5eJ73iHJ3wtkEojig\nXroCV3a8rgaVtSueRGzYuR9UHRU5GgDkW76aAtdiT6lecBs+Mu8rs0++kw8hD7tN\ntSuGeImbwSvR4ow1sSsN2XQLPptgYRjDJ86fvjK6CWQrnKCwJa+R6GN7V+K+kQIK\nTfpJhDtL7JQdz0t/zS5NsnMLhfVHeL9WLjEeOp4VTPflBfAMPLxnC3iVnferCehI\nY8rLWsPfJDDij3nf2QHMTeSMgiminR2gDoNVJ/j5Ac88zNxReQpFh0YAoYtzs27O\nKoDZc8xVxnesx6Yyq+f2d79RqM2swyuP1go5RnrrHdOP25mJLb2yhPCv5765fPRr\ni+9iTSTJn5XNwybvRBYp0l4zTeSSRdVky/8sWXDnJo23uvRXdW1lqJTgsWvseSLD\nugJP5QpCg4mynViWUlQvHpYS0E1xi4lSA0y6HFA6SyIUqupLBtazaOJGUv1MMUBp\n3nLviBtbyWn/9mSlXvzpjKKneNc6jKft1lsUczYfXU7ErMrDHYpHULL0+HbYfFss\nqe2QYzWfWB0yW4FxOiqf2nFkUhoADDbUoBOlRJycZR589MCnKonMYlqtCdf87tJe\nAVJDXU2PQebZ8ef2O5S/zoP6bryOwLJ+6FciXimxHFK+b5PWRAiBvw3epsvohkYd\ny776qjx+U8nWKCR54H/i6pZlfnRM3XnSvUBKKnWlhfEB8CeDcG250AZUfp2T4w==\n=Aj1y\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}



@ -1,12 +1,7 @@
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
inherit (nixosConfig.repo.secrets.common) fullName;
in
{
options.swarselsystems.modules.env = lib.mkEnableOption "env settings";
@ -18,10 +13,10 @@ in
SWARSEL_HI_RES = config.swarselsystems.highResolution;
};
systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_MAIL1 = address1;
SWARSEL_MAIL2 = address2;
SWARSEL_MAIL3 = address3;
SWARSEL_MAIL4 = address4;
SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses;
};
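Review bot: The new header `{ lib, config, nixosConfig, ... }:` ties this home-manager module to an argument that, as far as I know, home-manager only supplies when it runs as a NixOS module, so reading `nixosConfig.repo.secrets…` would presumably fail to evaluate if the module is ever imported on a nix-darwin or standalone home-manager host. The same header change appears in the gammastep, git, mail and work sections further down. `osConfig` is passed by both the NixOS and the nix-darwin integration and would be the more portable choice, e.g. `inherit (osConfig.repo.secrets.common) fullName;`. Separately, the session variables are renamed (`SWARSEL_LEON_MAIL` to `SWARSEL_MAIL1` and so on) and this page updates only one reader (`SWARSEL_SWARSEL_MAIL` in the Emacs config), so it is worth grepping for the other three old names, since a stale `getenv` yields nil instead of an error.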


@ -1,6 +1,6 @@
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
inherit (nixosConfig.repo.secrets.common.location) latitude longitude;
in
{
options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
@ -8,8 +8,7 @@ in
services.gammastep = {
enable = true;
provider = "manual";
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
inherit longitude latitude;
};
};
}


@ -1,8 +1,7 @@
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
inherit (nixosConfig.repo.secrets.common.mail) address1;
inherit (nixosConfig.repo.secrets.common) fullName;
in
{
options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
@ -26,7 +25,7 @@ in
key = "0x76FD3810215AE097";
signByDefault = true;
};
userEmail = lib.mkDefault leonMail;
userEmail = lib.mkDefault address1;
userName = fullName;
difftastic.enable = true;
lfs.enable = true;


@ -1,11 +1,7 @@
{ lib, config, nix-secrets, ... }:
{ lib, config, nixosConfig, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 add2Name address3 add3Name address4;
inherit (nixosConfig.repo.secrets.common) fullName;
in
{
options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
@ -34,8 +30,8 @@ in
accounts = {
leon = {
primary = true;
address = leonMail;
userName = leonMail;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = {
@ -66,7 +62,7 @@ in
};
swarsel = {
address = swarselMail;
address = address4;
userName = "8227dc594dd515ce232eda1471cb9a19";
realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
@ -89,9 +85,9 @@ in
nautilus = {
primary = false;
address = nautilusMail;
userName = nautilusMail;
realName = "Nautilus";
address = address2;
userName = address2;
realName = add2Name;
passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
@ -116,9 +112,9 @@ in
mrswarsel = {
primary = false;
address = mrswarselMail;
userName = mrswarselMail;
realName = "Swarsel";
address = address3;
userName = address3;
realName = add3Name;
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
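Review bot: In the `swarsel` account the address now comes from the encrypted set (`address = address4;`), but `userName = "8227dc594dd515ce232eda1471cb9a19";` stays as a literal in the repository. If that value is the provider login for the mailbox, it is as identifying as the address and pairs with the password that `passwordCommand` reads, so it would fit next to the addresses, for example `userName = add4User;` with a matching attribute in the same secrets set (`add4User` is a placeholder name). The other three accounts already take `userName` from the secret address. The account blocks continue outside the hunks shown here.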


@ -1,10 +1,7 @@
{ self, config, pkgs, lib, nix-secrets, ... }:
{ self, config, pkgs, lib, nixosConfig, ... }:
let
inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail;
in
{
options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
@ -43,20 +40,20 @@ in
};
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
"${user1}"
"${user2}"
"${user3}"
"work"
];
programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
git.userEmail = lib.mkForce gitMail;
zsh = {
shellAliases = {
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
dssh = "ssh -l ${user1Long}";
cssh = "ssh -l ${user2Long}";
wssh = "ssh -l ${user3Long}";
};
cdpath = [
"~/Documents/Work"
@ -66,42 +63,42 @@ in
w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles";
ac = path1;
};
};
ssh = {
matchBlocks = {
"uc" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
user = "stack";
"${loc1}" = {
hostname = "${loc1}.${domain2}";
user = user4;
};
"uc.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
"${loc1}.stg" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"uc.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
"${loc1}.staging" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"uc.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack";
"${loc1}.dev" = {
hostname = "${loc1}.${lifecycle2}.${domain2}";
user = user4;
};
"cbe" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser;
"${loc2}" = {
hostname = "${loc2}.${domain1}";
user = user1Long;
};
"cbe.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
"${loc2}.stg" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"cbe.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
"${loc2}.staging" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"*.vbc.ac.at" = {
user = dcUser;
"*.${domain1}" = {
user = user1Long;
};
};
};
@ -112,25 +109,25 @@ in
isDefault = false;
in
{
dc = lib.recursiveUpdate
"${user1}" = lib.recursiveUpdate
{
inherit isDefault;
id = 1;
settings = {
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at";
"browser.startup.homepage" = "${site1}|${site2}";
};
}
config.swarselsystems.firefox;
cl = lib.recursiveUpdate
"${user2}" = lib.recursiveUpdate
{
inherit isDefault;
id = 2;
settings = {
"browser.startup.homepage" = "https://portal.azure.com";
"browser.startup.homepage" = "${site3}";
};
}
config.swarselsystems.firefox;
ws = lib.recursiveUpdate
"${user3}" = lib.recursiveUpdate
{
inherit isDefault;
id = 3;
@ -141,7 +138,7 @@ in
inherit isDefault;
id = 4;
settings = {
"browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com";
"browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
};
}
config.swarselsystems.firefox;
@ -304,27 +301,28 @@ in
exec = "firefox -p work";
inherit terminal categories icon;
};
firefox_dc = {
name = "Firefox (dc)";
genericName = "Firefox dc";
exec = "firefox -p dc";
"firefox_${user1}" = {
name = "Firefox (${user1})";
genericName = "Firefox ${user1}";
exec = "firefox -p ${user4}";
inherit terminal categories icon;
};
firefox_ws = {
name = "Firefox (ws)";
genericName = "Firefox ws";
exec = "firefox -p ws";
"firefox_${user2}" = {
name = "Firefox (${user2})";
genericName = "Firefox ${user2}";
exec = "firefox -p ${user2}";
inherit terminal categories icon;
};
firefox_cl = {
name = "Firefox (cl)";
genericName = "Firefox cl";
exec = "firefox -p cl";
"firefox_${user3}" = {
name = "Firefox (${user3})";
genericName = "Firefox ${user3}";
exec = "firefox -p ${user3}";
inherit terminal categories icon;
};
};
};
swarselsystems = {
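Review bot: The first rewritten desktop entry launches the wrong profile: `"firefox_${user1}"` has `exec = "firefox -p ${user4}";`, while the entry it replaces ran `firefox -p dc`, the profile is now declared as `"${user1}"`, and `user4` is used elsewhere in this section as the SSH user that replaced `"stack"`. It should read `exec = "firefox -p ${user1}";`, matching the two entries after it. In the SSH match blocks `"${loc2}"` resolves under `${domain1}` while `"${loc2}.stg"` and `"${loc2}.staging"` use `${domain2}`; the old values came from separate secrets, so this may be intended, but it is worth confirming. The hostnames and URLs removed here were literals in the previous revision, so they remain readable in the repository history after this commit.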


@ -1,7 +1,4 @@
{ pkgs, lib, inputs, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
in
{ pkgs, config, lib, ... }:
{
options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server";
config = lib.mkIf config.swarselsystems.modules.server.navidrome {
@ -60,10 +57,12 @@ in
};
# Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
LastFM = {
inherit (config.repo.secrets.local.LastFM) ApiKey Secret;
};
Spotify = {
inherit (config.repo.secrets.local.Spotify) ID Secret;
};
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
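Review bot: `LastFM.ApiKey`/`Secret` and `Spotify.Secret` are API credentials, and setting them through the service settings presumably still renders them in plaintext into the generated Navidrome config in the world-readable Nix store, just as before the move. Navidrome also reads these values from the environment (`ND_LASTFM_APIKEY`, `ND_LASTFM_SECRET`, `ND_SPOTIFY_ID`, `ND_SPOTIFY_SECRET`), so if the pinned nixpkgs module offers `services.navidrome.environmentFile`, a sops-nix secret rendered as an env file would keep them out of the store. The removed lines read `ApiKey` from `lastfm-secret` and `Secret` from `lastfm-key`; because the new code inherits by attribute name, check that the two values sit under the right names in the new encrypted file. The two comment lines above the block (`--impure`, "not stored within the flake") describe the old layout and should be updated or dropped if they no longer apply.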


@ -1,7 +1,6 @@
{ lib, pkgs, config, inputs, ... }:
{ lib, pkgs, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
resticRepo = lib.swarselsystems.getSecret "${secretsDirectory}/restic/wintersRepo";
inherit (config.repo.secrets.local) resticRepo;
in
{
options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server";


@ -1,7 +1,6 @@
{ lib, config, inputs, ... }:
{ lib, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
inherit (config.repo.secrets.common) workHostName;
in
{
options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server";


@ -1502,7 +1502,7 @@ create a new one."
(:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a)))
(setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
(setq user-mail-address (getenv "SWARSEL_MAIL4")
user-full-name (getenv "SWARSEL_FULLNAME"))
;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))


@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:s7upsped0qBHSmSbW4ESqH9RbroHNMSO7wYwXRf12aWo6Ula6vpwQYHyCqhuiI4WtSL1osRLoosLipfNJLJRgunLB+qAJgkof+5njmCw,iv:ywC5bm4W9dkuxgqA7GxTE40pgzjGdLsHQifoMHYgEaY=,tag:bOf0xTa2VxZ+zONVRoXf9g==,type:str]",
"data": "ENC[AES256_GCM,data:t46tqCQNV0Anyt3ZhfoFA6HnSC7ECCjbsdMAGQ+Xno4BjBFXBJdhcKuEdfqqKylBberfQ5zpS7PI9TWUrhjJdQJq8uC7pMcLK652OjAJAdxHaHAt2eBPq2+UXAHvwzXwEauEZ78m7iv0VuFvN9pLbUBVDGFRdWLrt32DD2xVASLSscn/wpYnXhBrd+fi9nKtt41mhe8UvAEIxdYtIEh4/ylL3PjvCEJBBEci7Fe/UuokNxhlMNc2xV0AVo25aM3mQbXny8LPF5++PVteVr4RWHm9R1qtRR8cKmJI/j2ObwS5WSsnRAJHgO6b6Wq9F4SNdEFscqW7d8/WWBPTvv+H3VSQ3K0xxaOrbnJYxBbSAboTDZogkbYSrY41SXqXh1Gorvh92eCvYCSxTFLnbkKVx3F35+3NKYK8RQ0OYsIl+k8qE9kK35kNjXrm3gl7p/WjyDXJ2mhHmt5ZQSleseh4meOhg73kJFC+VeUlI5no+kDeaYwn5EM/pi/ZzsAQwq/wGqVrPgSVnTbyfBAD1FRqeUxNCo2ceTGW12ZvOvm+XxUJ8tVef2PvUuqKvg1Xx4TN3hRQUcYhXwZWzKgseiAonRA4Euzs/BKA5K233uP22t8klCy23Ngti0LJt5tbmsNeBBwb2f5Wcs4oDn2YIFTm9Bg9QLbfkYyZf/ZkbA0U7HfbvhlIKANmzy1G8+MYlpS4ZED36wT1fEDcEBVygzyHVx9sXEZuj6Nm1ekxSGgJciVL,iv:PBwZiNQjDguQF/GFegm1oVYHF0lG6fjK0vxBuQN1HFo=,tag:VH2pH+rKgyBSIzGo8py6bw==,type:str]",
"sops": {
"age": [
{
@ -23,8 +23,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bFIrQjZ5cUFBQUp4dTRW\ndEdaZys0OHE5L3BPaVNic3ZZRDQ5N09SaGdZCllhWnY4T2lLZzVUMlp5VjMvQ2lP\ndGFNSTBqbjNMaUcwbVRaWFVCazU3OEUKLS0tIHBIWUZCYjFDVDgzbUUxMC9TNzdp\naFdiWmV6TGIva0RNUDNHWmdJZGgzNHMKiIzjo6sH/SP12cAXTvXiP0X9EE/A8Qw1\nIfgZfyEHdf/Mxd/iNzlWb2Nb0MLerYYw/qZ/+L5eDpUr4Vl051qOXA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T01:57:02Z",
"mac": "ENC[AES256_GCM,data:c/fERNdNCLBb26sZzse/liAQWosjFB20nP7xje1qsJ+NpGa9fvZXGtbxMTbFx/BWy5VB2LEwXLzOTNv10gbjCa7Ovr6fzWaZZ9PoadsrDA2nSiAvTu3v+a70vKCwsTWTUA42w61lEEWBJwjU3kKiI3WF8TPOCeB0CLf3J1t4AHo=,iv:BoPCpP2VwDSHJllcQMpcClHFr6YWDQIT5GJGSZ1HAYY=,tag:hdQUQEFHH3a0PhlEmKdPoQ==,type:str]",
"lastmodified": "2025-06-11T12:35:26Z",
"mac": "ENC[AES256_GCM,data:qySqNhw1CPbilUmJPSOsLGG3mbLrvPMXzkzUGIj5l1EBLl//BVfAqvkgc06AhjDexr708CyUU5tiW0JydFBkEcByxDK21JhnZGVTdiTidBUl5lS392bCxdnrWgNCm6BnIznLsF3UpuqStsztOgjRJa2pawC2b5i6VCm4asif2lQ=,iv:M0JEy5+8g2wesVMpfhl0OZOKh4MFnh6RwUm9tteSYJ4=,tag:2zxRZLab6Z5XDsh9MMHSlg==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T01:05:00Z",